[IPsec] new version of IKEv3
"Dan Harkins" <dharkins@lounge.org> Fri, 12 April 2013 22:47 UTC
Return-Path: <dharkins@lounge.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3562521F88A0 for <ipsec@ietfa.amsl.com>; Fri, 12 Apr 2013 15:47:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.265
X-Spam-Level:
X-Spam-Status: No, score=-6.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J0x8uh69Ipqx for <ipsec@ietfa.amsl.com>; Fri, 12 Apr 2013 15:47:35 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id BA20D21F878F for <ipsec@ietf.org>; Fri, 12 Apr 2013 15:47:35 -0700 (PDT)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 94A8FA888010 for <ipsec@ietf.org>; Fri, 12 Apr 2013 15:47:35 -0700 (PDT)
Received: from 199.127.104.10 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Fri, 12 Apr 2013 15:47:35 -0700 (PDT)
Message-ID: <05ee1611c9732b5410df679113ebcf79.squirrel@www.trepanning.net>
Date: Fri, 12 Apr 2013 15:47:35 -0700
From: Dan Harkins <dharkins@lounge.org>
To: ipsec@ietf.org
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Subject: [IPsec] new version of IKEv3
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2013 22:47:36 -0000
Hello!
I've updated IKEv3 and the new version has been posted (see below).
Major changes are:
* support for NAT-T (which is different than the way it was done in
prior versions of IKE, please take a look at it).
* addressing the MiTM attack Valery Smyslov brought up on the list.
* allowing more than one IKE SA per peer (which was kind of necessary
to support NATs).
I look forward to hearing any comments or issues people have with
this protocol. As usual, if you plan on implementing it and would like
to interoperate I'd love to hear from you.
regards,
Dan.
----------------------------------------------------------
A new version of I-D, draft-harkins-ikev3-01.txt
has been successfully submitted by Dan Harkins and posted to the
IETF repository.
Filename: draft-harkins-ikev3
Revision: 01
Title: The (Real) Internet Key Exchange
Creation date: 2013-04-12
Group: Individual Submission
Number of pages: 43
URL:
http://www.ietf.org/internet-drafts/draft-harkins-ikev3-01.txt
Status: http://datatracker.ietf.org/doc/draft-harkins-ikev3
Htmlized: http://tools.ietf.org/html/draft-harkins-ikev3-01
Diff: http://www.ietf.org/rfcdiff?url2=draft-harkins-ikev3-01
Abstract:
The current version (v2) of the Internet Key Exchange failed to
address many of the shortcomings of the original version (v1). This
memo defines a new version (v3) of the Internet Key Exchange that
attempts to do so.
- [IPsec] new version of IKEv3 Dan Harkins